lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4af2d03a0705010303v270e2b41jaf92058c87593070@mail.gmail.com>
Date:	Tue, 1 May 2007 12:03:03 +0200
From:	"Jiri Slaby" <jirislaby@...il.com>
To:	"Alan Cox" <alan@...rguk.ukuu.org.uk>
Cc:	"Ismail Dönmez" <ismail@...dus.org.tr>,
	"dann frazier" <dannf@...com>, linux-kernel@...r.kernel.org,
	support@...a.com.tw, dilinger@...ian.org
Subject: Re: old buffer overflow in moxa driver

On 5/1/07, Alan Cox <alan@...rguk.ukuu.org.uk> wrote:
> > > At the point you abuse these calls you can already just load arbitary
> > > data from userspace anyway.
> >
> > So the possible exploit will only work when run by root, is that what you
> > mean? If so isn't that still a security problem?
>
> To exploit the hole you need CAP_SYS_RAWIO which is the highest
> capability of all. CAP_SYS_RAWIO gives you the ability to access hardware
> directly so since it checks for CAP_SYS_RAWIO it isn't security.

I understand that, but without it, the driver might seem buggy as far
as the person with permissions can write bad values and cause BUG().
On the other hand if the user has CAP_SYS_RAWIO, he has access to
/dev/{k,}mem anyway ;).

> The patch isn't wrong however and adds some sanity checking so it would
> do no harm to send it to Andrew for -mm testing.

Yes.

regards,
-- 
http://www.fi.muni.cz/~xslaby/            Jiri Slaby
faculty of informatics, masaryk university, brno, cz
e-mail: jirislaby gmail com, gpg pubkey fingerprint:
B674 9967 0407 CE62 ACC8  22A0 32CC 55C3 39D4 7A7E
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ